Refresh automation library documentation

_shared_content/automate/library/stormshield.md

@@ -0,0 +1,102 @@
+uuid: 59498b29-5cfb-46e6-aaf1-9c0c3afeb00c
+name: Stormshield
+type: playbook
+
+# Stormshield
+
+![Stormshield](/assets/playbooks/library/stormshield.png){ align=right width=150 }
+
+Stormshield Network Security is a range of network security appliances.
+
+## Configuration
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `url` | `string` | Base URL of the Stormshield SNS API |
+| `api_token` | `string` | Authentication token for the API |
+
+## Actions
+
+### Block IP address
+
+Block an IPv4 or IPv6 address on Stormshield SNS.
+
+**Arguments**
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `ip_address` | `string` | IPv4 or IPv6 address to block |
+| `duration_s` | `integer` | Duration in seconds for which the IP should be blocked |
+
+
+**Outputs**
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `status` | `string` |  |
+| `ip_address` | `string` |  |
+| `duration_s` | `integer` |  |
+| `message` | `string` |  |
+| `response` | `object` |  |
+
+## Set up
+
+uuid: 59498b29-5cfb-46e6-aaf1-9c0c3afeb00c
+name: Stormshield
+type: playbook
+
+# Stormshield
+
+![Stormshield](/assets/playbooks/library/stormshield-ses.png){ align=right width=150 }
+
+Stormshield Network Security is a range of network security appliances.
+
+## Configuration
+
+### Create a Stormshield REST API key
+
+1. **Access the administration interface:**
+
+      - Open your web browser and go to the firewall administration URL (e.g., `https://api.stormshield.lab`).
+
+      - Enter your username and password to log in.
+
+2. **Navigate to the REST API menu:**
+
+      - In the left navigation column, expand the **SYSTEM** menu.
+
+      - Click on **REST API**.
+
+3. **Initiate the key creation:**
+
+      - On the REST API page, navigate to the **API KEY** tab.
+
+      - Click the **Create** button.
+
+4. **Configure key privileges:**
+
+      - In the creation pop-up window, configure the following:
+
+         - **Comment**: Add a description if necessary (optional).
+         - **Lifespan**: Modify the validity duration according to your needs (optional).
+         - **Access rights**: You must select the **Blacklist management - Read/Write** option.
+
+      - Validate the generation.
+
+5. **Save the generated key and secret:**
+
+      - A confirmation window titled "THE API KEY HAS BEEN CREATED" appears.
+
+      - Copy the long alphanumeric character string generated in the bottom text field.
+
+    !!! warning
+        Make sure to store this API key and the associated secret in a secure location (like a password manager). The system explicitly states that it will be impossible to recover this secret once this window is closed.
+
+6. **Finish the operation:**
+
+      - Only after ensuring you have safely saved the secret, click the **CLOSE** button to close the window.
+
+
+## Extra
+
+Module **`Stormshield` v1.0.3**

mkdocs.yml

@@ -40,7 +40,7 @@ nav:
 - Getting started:
   - Overview: getting_started/index.md
   - Where to start: getting_started/concepts.md
-  - Trainings: 
+  - Trainings:
     - Training offer overview: getting_started/training_overview.md
     - Register for a training course: getting_started/register_training.md
   - Workspace setup:
@@ -88,11 +88,11 @@ nav:
       - Intelligence: cti/features/consume/intelligence.md
       - Observables: cti/features/consume/observables.md
       - Telemetry: cti/features/consume/telemetry.md
-      - Feeds: 
-          - Understand the feeds: cti/features/consume/feeds.md
-          - Create feeds: cti/features/consume/create_feed.md
-          - Manage feeds: cti/features/consume/manage_feeds.md
-          - Create a detection rule from a feed: cti/features/consume/create_detection_rule_from_feed.md
+      - Feeds:
+        - Understand the feeds: cti/features/consume/feeds.md
+        - Create feeds: cti/features/consume/create_feed.md
+        - Manage feeds: cti/features/consume/manage_feeds.md
+        - Create a detection rule from a feed: cti/features/consume/create_detection_rule_from_feed.md
       - Graph Explorations: cti/features/consume/graph_explorations.md
       - Export: cti/features/consume/export.md
       - IOCs Collections: cti/features/consume/ioccollections.md
@@ -107,7 +107,7 @@ nav:
       - MISP Feed: cti/features/integrations/misp.md
       - MISP - Import to IOC Collection: cti/features/integrations/misp_ids_to_ioc_collection.md
       - Microsoft Sentinel: cti/features/integrations/microsoft-sentinel.md
-      - OpenCTI Import Connector: cti/features/integrations/opencti.md     
+      - OpenCTI Import Connector: cti/features/integrations/opencti.md
       - OpenCTI Stream Connector: cti/features/integrations/opencti-stream-connector.md
       - Splunk: cti/features/integrations/splunk.md
       - Splunk SOAR: cti/features/integrations/splunk_soar.md
@@ -124,10 +124,10 @@ nav:
       - Intakes: xdr/features/collect/intakes.md
       - Entities: xdr/features/collect/entities.md
       - Assets: xdr/features/collect/assets.md
-      - Optimization rules: 
-         - Optimization rules overview: xdr/features/collect/optimization_rules_overview.md          
-         - Create an optimization rule: xdr/features/collect/create_optimization_rule.md
-         - Optimization rules technical references: xdr/features/collect/optimization_rules_reference.md
+      - Optimization rules:
+        - Optimization rules overview: xdr/features/collect/optimization_rules_overview.md
+        - Create an optimization rule: xdr/features/collect/create_optimization_rule.md
+        - Optimization rules technical references: xdr/features/collect/optimization_rules_reference.md
     - Detect:
       - IOCs Detection: xdr/features/detect/iocdetection.md
       - Rules Catalog: xdr/features/detect/rules_catalog.md
@@ -139,17 +139,17 @@ nav:
       - Alerts: xdr/features/investigate/alerts.md
       - Events page: xdr/features/investigate/events.md
       - Massive event export:
-        - Understand massive event export: xdr/features/investigate/event_export.md 
+        - Understand massive event export: xdr/features/investigate/event_export.md
         - Export events with CLI: xdr/features/investigate/export_event_cli.md
         - Export events with API: xdr/features/investigate/export_event_API.md
-        - Massive export technical specifications: xdr/features/investigate/export_reference.md 
+        - Massive export technical specifications: xdr/features/investigate/export_reference.md
         - Massive event export troubleshooting: xdr/features/investigate/export_event_bulk_troubleshooting.md
-      - Cases: 
+      - Cases:
         - Cases overview: xdr/features/investigate/cases.md
-        - Create and manage cases: 
+        - Create and manage cases:
           - Create a case: xdr/features/investigate/create_a_case.md
           - Manage cases: xdr/features/investigate/manage_cases.md
-        - Investigate cases: 
+        - Investigate cases:
           - Investigate case details: xdr/features/investigate/case_details.md
           - Graph investigation: xdr/features/investigate/graph_investigation.md
           - AI Cases: xdr/features/investigate/ai_cases.md
@@ -174,9 +174,9 @@ nav:
         - How-to guides: xdr/features/investigate/sol_how_to_guides.md
         - SOL Datasets: xdr/features/investigate/sol_datasets.md
         - Query examples: xdr/features/investigate/sol_query_examples.md
-        - "Reference: Datasources": xdr/features/investigate/sol_ref_datasources.md
-        - "Reference: Operators": xdr/features/investigate/sol_ref_operators.md
-        - "Reference: Functions": xdr/features/investigate/sol_ref_functions.md
+        - 'Reference: Datasources': xdr/features/investigate/sol_ref_datasources.md
+        - 'Reference: Operators': xdr/features/investigate/sol_ref_operators.md
+        - 'Reference: Functions': xdr/features/investigate/sol_ref_functions.md
       - Notebooks: xdr/features/investigate/notebooks.md
     - Report:
       - Dashboards:
@@ -203,14 +203,13 @@ nav:
       - Palo Alto Cortex XSOAR: xdr/features/integrations/interconnect_sekoia_with_xsoar.md
       - Swimlane Turbine: xdr/features/integrations/swimlane_turbine.md
   - Asset Intelligence (Reveal):
-      - Reveal overview: xdr/features/modules/reveal_index.md
-      - Get started with Reveal: xdr/features/modules/reveal_getting_started.md
-      - Explore assets context: xdr/features/modules/reveal_asset_context_panel.md
-      - Visualize attack paths: xdr/features/investigate/attack_path_visualization.md
-      - Discover Points of Interest: xdr/features/detect/points_of_interest.md
-      - Check asset connector health: xdr/features/collect/asset_connector_health.md
-      - Reveal enablement matrix: xdr/features/modules/reveal_feature_enablement.md
-
+    - Reveal overview: xdr/features/modules/reveal_index.md
+    - Get started with Reveal: xdr/features/modules/reveal_getting_started.md
+    - Explore assets context: xdr/features/modules/reveal_asset_context_panel.md
+    - Visualize attack paths: xdr/features/investigate/attack_path_visualization.md
+    - Discover Points of Interest: xdr/features/detect/points_of_interest.md
+    - Check asset connector health: xdr/features/collect/asset_connector_health.md
+    - Reveal enablement matrix: xdr/features/modules/reveal_feature_enablement.md
 - Usecases:
   - Export large volumes of events: xdr/usecases/massive_export.md
   - Implement a blocklist in Sekoia.io: xdr/usecases/playbook/implement_blocklist.md
@@ -220,8 +219,6 @@ nav:
   - Use your own CTI in Sekoia.io: xdr/usecases/use_your_own_cti.md
   - Investigate overusage: xdr/usecases/playbook/investigate_overusage.md
   - Log volume reduction strategies: xdr/usecases/playbook/log_volume_reduction_strategies.md
-
-
 - FAQ and troubleshooting:
   - General: xdr/FAQ.md
   - Alerts: xdr/FAQ/Alerts_qa.md
@@ -241,13 +238,12 @@ nav:
   - Assets: xdr/FAQ/Assets_qa.md
   - Ingestion:
     - Delay with event ingestion or alert creation: xdr/FAQ/ingestion/ingestion_delay.md
-  - Subscriptions: 
+  - Subscriptions:
     - Allocate trial subscription: xdr/FAQ/subscriptions/allocate_trial_subscription.md
     - Subscriptions notifications: xdr/FAQ/subscriptions/subscriptions_notifications.md
   - Sekoia.io Endpoint agent: xdr/FAQ/SEKOIA_Endpoint_Agent.md
   - Datetime representation: xdr/FAQ/datetime.md
   - Reveal troubleshooting: xdr/features/modules/reveal_troubleshoot.md
-
 - Integrations:
   - Introduction: integration/index.md
   - Ingestion methods:
@@ -513,7 +509,6 @@ nav:
     - Threat Intelligence:
       - Prodaft USTA: integration/categories/threat_intelligence/prodaft_usta.md
   - List of Playbooks Actions:
-    - Overview: integration/action_library/overview.md
     - Applicative:
       - ElasticSearch: integration/action_library/elasticsearch.md
       - Mandrill: integration/action_library/mandrill.md
@@ -559,7 +554,9 @@ nav:
     - Network:
       - Fortigate Firewalls: integration/action_library/fortigate-firewalls.md
       - Sophos: integration/action_library/sophos.md
+      - Stormshield: integration/action_library/stormshield.md
       - Zscaler: integration/action_library/zscaler.md
+    - Overview: integration/action_library/overview.md
     - Threat Intelligence:
       - Censys: integration/action_library/censys.md
       - Certificate Transparency: integration/action_library/certificate-transparency.md
@@ -627,11 +624,11 @@ plugins:
 - search: null
 - redirects:
     redirect_maps:
-      xdr/features/investigate/sekoia_operating_language.md: xdr/features/investigate/sol_overview.md
       getting_started/2fa.md: getting_started/account_security.md
       getting_started/apikey_creation.md: getting_started/manage_api_keys.md
       getting_started/first_steps.md: getting_started/index.md
       getting_started/inviting_users_to_join_your_community.md: getting_started/invite_users.md
+      integration/categories/network/beyondtrust_pra_sessions.md: integration/categories/iam/beyondtrust_pra_sessions.md
       intelligence_center.md: cti/index.md
       intelligence_center/dashboard.md: cti/features/monitor/dashboard.md
       intelligence_center/data_export.md: cti/features/consume/export.md
@@ -844,7 +841,7 @@ plugins:
       xdr/features/collect/integrations/network/wallix.md: integration/categories/iam/wallix.md
       xdr/features/collect/integrations/network/watchguard_firebox.md: integration/categories/network_security/watchguard_firebox.md
       xdr/features/investigate/dork_language.md: xdr/features/investigate/events_query_language.md
-      integration/categories/network/beyondtrust_pra_sessions.md: integration/categories/iam/beyondtrust_pra_sessions.md
+      xdr/features/investigate/sekoia_operating_language.md: xdr/features/investigate/sol_overview.md
 - integration_by_uuid
 - sass
 repo_url: https://github.com/SEKOIA-IO/documentation